Graham Leggett <minfrin@sharp.fm> writes:
> Trouble is, I can create tables in db1 which is write access. I can also connect to db2 (bad), and I can enumerate
thetables in db2 (bad), although the queries of the contents say access is denied.
You need to read the docs about default privileges: see about
halfway down
https://www.postgresql.org/docs/15/ddl-priv.html
where it says "PostgreSQL grants privileges on some types of objects
to PUBLIC by default ...". In this case I think you likely need to
revoke the default public CREATE privilege on schema public in db1,
and revoke the default public CONNECT privilege on database db2.
regards, tom lane